Back to skill

Security audit

Intelligence Suite

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent public news-monitoring tool, with some dependency and output-quality cautions but no evidence of hidden data access, persistence, exfiltration, or destructive behavior.

Install only if you are comfortable with a Node-based tool fetching public news pages and their linked articles. Treat scraped snippets as untrusted web text, review dependency versions before installing, and be aware that the global monitor includes one hardcoded placeholder entertainment item that should not be treated as real news.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Unpinned Dependencies

Low
Category
Supply Chain
Content
"test": "echo \"Error: no test specified\" && exit 1"
  },
  "dependencies": {
    "axios": "^1.6.0",
    "cheerio": "^1.0.0-rc.12",
    "rss-parser": "^3.13.0"
  },
Confidence
92% confidence
Finding
"axios": "^1.6.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"dependencies": {
    "axios": "^1.6.0",
    "cheerio": "^1.0.0-rc.12",
    "rss-parser": "^3.13.0"
  },
  "keywords": ["intelligence", "news", "ai", "makima"],
  "author": "Makima",
Confidence
90% confidence
Finding
"rss-parser": "^3.13.0"

Known Vulnerable Dependency: axios==1.6.0 — 10 advisory(ies): CVE-2026-44494 (axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `co); CVE-2026-44495 (axios Vulnerable to Credential Theft and Response Hijacking via Prototype Pollut); CVE-2025-62718 (Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF) +7 more

High
Category
Supply Chain
Confidence
98% confidence
Finding
axios==1.6.0

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.